# Configuring the Helm Chart

## Shared Config

For the `hatchet-stack` and `hatchet-ha` Helm charts, the `sharedConfig` object in the `values.yaml` file allows you to configure shared settings for all backend services. The default values are:

```yaml
sharedConfig:
  # you can disable shared config by setting this to false
  enabled: true

  # these are the most commonly configured values
  serverUrl: "http://localhost:8080"
  serverAuthCookieDomain: "localhost:8080" # the domain for the auth cookie
  serverAuthCookieInsecure: "t" # allows cookies to be set over http
  serverAuthSetEmailVerified: "t" # automatically sets email_verified to true for all users
  serverAuthBasicAuthEnabled: "t" # allows login via basic auth (email/password)
  grpcBroadcastAddress: "localhost:7070" # the endpoint for the gRPC server, exposed via the `grpc` service
  grpcInsecure: "true" # allows gRPC to be served over http
  defaultAdminEmail: "admin@example.com" # in exposed/production environments, change this to a valid email
  defaultAdminPassword: "Admin123!!" # in exposed/production environments, change this to a secure password

  # you can set additional environment variables here, which will override any defaults
  env: {}
```

### Networking

- **`sharedConfig.serverUrl`** (default: `"http://localhost:8080"`): specifies the base URL for the server. This URL should be the public-facing URL of the Hatchet API server (which is typically bundled behind a reverse proxy with the Hatchet frontend).

- **`sharedConfig.grpcBroadcastAddress`** (default: `"localhost:7070"`): defines the address for the gRPC server endpoint, which is exposed via the `grpc` service.

- **`sharedConfig.grpcInsecure`** (default: `"true"`): when set to `true`, allows the gRPC server to be served over HTTP instead of HTTPS. Use this in non-production environments only.

### Authentication

- **`sharedConfig.serverAuthCookieDomain`** (default: `"localhost:8080"`): specifies the domain for the authentication cookie. Should be set to the appropriate domain when deploying to production.

- **`sharedConfig.serverAuthCookieInsecure`** (default: `"t"`): if set to `"t"`, allows authentication cookies to be set over HTTP, useful for local development. In production, use a secure setting.

- **`sharedConfig.serverAuthSetEmailVerified`** (default: `"t"`): automatically sets `email_verified` to `true` for all users. This is useful for testing environments where email verification is not necessary.

- **`sharedConfig.serverAuthBasicAuthEnabled`** (default: `"t"`): enables basic authentication (using email and password) for users. Should be enabled if the system needs to support user logins via email/password.

- **`sharedConfig.defaultAdminEmail`** (default: `"admin@example.com"`): specifies the email for the default administrator account. Change this to a valid email when deploying to production environments.

- **`sharedConfig.defaultAdminPassword`** (default: `"Admin123!!"`): defines the password for the default administrator account. This should be changed to a strong password for production deployments.

### Additional Env Variables

You can set additional environment variables for the backend services using the `env` object. For example:

```yaml
sharedConfig:
  env:
    MY_ENV_VAR: "my-value"
```

This will set the environment variable `MY_ENV_VAR` to `"my-value"` for all backend services. These values will override any default environment settings for the services.

### Seeding Data

The `sharedConfig` object also allows you to seed the database with a default tenant and user. The following environment variables are used for seeding:

````yaml
The following environment variables are used to seed the database:

```yaml
seed:
  defaultAdminEmail: "admin@example.com" # in exposed/production environments, change this to a valid email
  defaultAdminPassword: "Admin123!!" # in exposed/production environments, change this to a secure password
  env:
    ADMIN_NAME: "Admin User"
    DEFAULT_TENANT_NAME: "Default"
    DEFAULT_TENANT_SLUG: "default"
    DEFAULT_TENANT_ID: "707d0855-80ab-4e1f-a156-f1c4546cbf52"
````
